From a76ad1478fb8cbc7914e94a24c7942de429c8445 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 2 Apr 2017 16:44:44 -0700 Subject: crypto updates --- include/crypto.php | 44 +++++++++++++++++++++++++++++++++++--------- include/zot.php | 3 --- 2 files changed, 35 insertions(+), 12 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index f75390985..2c5545e9b 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -55,6 +55,7 @@ function AES256CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } + function AES128CBC_encrypt($data,$key,$iv) { $key = substr($key,0,16); $iv = substr($iv,0,16); 
@@ -67,18 +68,33 @@ function AES128CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function STD_encrypt($data,$key,$iv) { + +function AES256CTR_encrypt($data,$key,$iv) { $key = substr($key,0,32); $iv = substr($iv,0,16); - return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); + return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function STD_decrypt($data,$key,$iv) { +function AES256CTR_decrypt($data,$key,$iv) { $key = substr($key,0,32); $iv = substr($iv,0,16); - return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); + return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + + +function CAMELLIA256CFB_encrypt($data,$key,$iv) { + $key = substr($key,0,32); + $iv = substr($iv,0,16); + return openssl_encrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function CAMELLIA256CFB_decrypt($data,$key,$iv) { + $key = substr($key,0,32); + $iv = substr($iv,0,16); + return openssl_decrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } + function CAST5CBC_encrypt($data,$key,$iv) { $key = substr($key,0,16); $iv = substr($iv,0,8); 
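Review bot: AES256CTR_encrypt/_decrypt and CAMELLIA256CFB_encrypt/_decrypt (and the CAST5CFB_* pair added in the next hunk) use stream-style modes with no integrity check, and they zero-pad a short `$key` or `$iv` with `str_pad(...,"\0")` instead of rejecting it. In CTR and CFB a flipped ciphertext bit flips the same plaintext bit, and reusing a key/IV pair in CTR exposes the XOR of the two plaintexts. These helpers are therefore only safe if the caller always supplies a fresh random IV and authenticates the ciphertext, and neither is visible in this hunk. I would fail closed on short input with `if(strlen($key) < 32 || strlen($iv) < 16) return false;` at the top of each function (16 and 8 for the CAST5 variants). I would also add a comment such as `// unauthenticated mode: caller must use a unique IV per key and verify a signature/MAC over the ciphertext before decrypting`.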
@@ -91,6 +107,20 @@ function CAST5CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); } +function CAST5CFB_encrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_encrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); +} + +function CAST5CFB_decrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_decrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); +} + + + function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { $fn = strtoupper($alg) . '_encrypt'; @@ -142,17 +172,13 @@ function other_encapsulate($data,$pubkey,$alg) { function crypto_methods() { - if(\Zotlabs\Lib\System::get_server_role() !== 'pro') - return [ 'aes256cbc' ]; - - // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a // particular implementation or choice of underlying implementations based on the key/iv length. // The actual methods are responsible for deriving the actual key/iv from the provided parameters; // possibly by truncation or segmentation - though many other methods could be used. - $r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + $r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; call_hooks('crypto_methods',$r); return $r; diff --git a/include/zot.php b/include/zot.php index 8a2178913..b3999920f 100644 --- a/include/zot.php +++ b/include/zot.php 
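Review bot: In crypto_methods() the new list drops 'std' while this commit also deletes STD_encrypt/STD_decrypt, and crypto_encapsulate() (trailing context of the previous hunk) builds the function name from `$alg`. A peer that still negotiates 'std' would resolve to a function that no longer exists; whether a function_exists() fallback covers that is outside the hunk. The list also places 'cast5cfb', a cipher with a 64-bit block (8-byte IV in the helpers above), ahead of the AES-CBC entries, which is probably not intended if list order expresses preference. Consider keeping a compatibility alias for 'std' for one release and moving the CAST5 entries last, e.g. `$r = [ 'aes256ctr', 'camellia256cfb', 'aes256cbc', 'aes128cbc', 'cast5cfb', 'cast5cbc' ];`. The retained comment block no longer mentions 'std' and should say which entry is now the project default.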
@@ -165,9 +165,6 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot function zot_best_algorithm($methods) { - if(\Zotlabs\Lib\System::get_server_role() !== 'pro') - return 'aes256cbc'; - $x = [ 'methods' => $methods, 'result' => '' ]; call_hooks('zot_best_algorithm',$x); if($x['result']) -- cgit v1.2.3 From 19b2568133d14cd27cc1340defac733ee0cd4ad3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 30 Mar 2017 21:04:55 -0700 Subject: whitespace --- include/import.php | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index f6ebd4bff..9007dbe74 100644 --- a/include/import.php +++ b/include/import.php @@ -98,7 +98,7 @@ function import_channel($channel, $account_id, $seize) { $r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1", intval($account_id), - $channel['channel_guid'] // Already dbesc'd + dbesc($channel['channel_guid']) ); if(! $r) { logger('mod_import: channel not found. ' . print_r($channel,true)); 
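Review bot: The import_channel() hunk changes a query argument from `$channel['channel_guid'] // Already dbesc'd` to `dbesc($channel['channel_guid'])`, which is a behaviour change inside a commit titled "whitespace". If the old comment was accurate the value is now escaped twice and the lookup can miss for any GUID containing an escapable character. If it was not accurate, this closes an injection point and the commit message should say so. Either way, confirm where `channel_guid` is first escaped and keep exactly one `dbesc()` on the path. The next context line, `logger('mod_import: channel not found. ' . print_r($channel,true));`, dumps the whole import array at the default log level. If that array can carry key material, log only `$channel['channel_guid']` instead. import_channel's body continues outside the hunk.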
@@ -195,23 +195,24 @@ function import_hublocs($channel, $hublocs, $seize, $moving = false) { } if(! array_key_exists('hubloc_primary',$hubloc)) { - $hubloc['hubloc_primary'] = (($hubloc['hubloc_flags'] & 0x0001) ? 1 : 0); - $hubloc['hubloc_orphancheck'] = (($hubloc['hubloc_flags'] & 0x0004) ? 1 : 0); - $hubloc['hubloc_error'] = (($hubloc['hubloc_status'] & 0x0003) ? 1 : 0); - $hubloc['hubloc_deleted'] = (($hubloc['hubloc_flags'] & 0x1000) ? 1 : 0); + $hubloc['hubloc_primary'] = (($hubloc['hubloc_flags'] & 0x0001) ? 1 : 0); + $hubloc['hubloc_orphancheck'] = (($hubloc['hubloc_flags'] & 0x0004) ? 1 : 0); + $hubloc['hubloc_error'] = (($hubloc['hubloc_status'] & 0x0003) ? 1 : 0); + $hubloc['hubloc_deleted'] = (($hubloc['hubloc_flags'] & 0x1000) ? 1 : 0); } if($moving && $hubloc['hubloc_hash'] === $channel['channel_hash'] && $hubloc['hubloc_url'] !== z_root()) { $hubloc['hubloc_deleted'] = 1; } - $arr = array( - 'guid' => $hubloc['hubloc_guid'], + $arr = [ + 'guid' => $hubloc['hubloc_guid'], 'guid_sig' => $hubloc['hubloc_guid_sig'], - 'url' => $hubloc['hubloc_url'], - 'url_sig' => $hubloc['hubloc_url_sig'], - 'sitekey' => ((array_key_exists('hubloc_sitekey',$hubloc)) ? $hubloc['hubloc_sitekey'] : '') - ); + 'url' => $hubloc['hubloc_url'], + 'url_sig' => $hubloc['hubloc_url_sig'], + 'sitekey' => ((array_key_exists('hubloc_sitekey',$hubloc)) ? $hubloc['hubloc_sitekey'] : '') + ]; + if(($hubloc['hubloc_hash'] === $channel['channel_hash']) && intval($hubloc['hubloc_primary']) && ($seize)) $hubloc['hubloc_primary'] = 0; @@ -1443,7 +1444,8 @@ function import_webpage_element($element, $channel, $type) { // The author is either the owner or whomever was specified $arr['author_xchan'] = (($element['author_xchan']) ? $element['author_xchan'] : get_observer_hash()); // Import mimetype if it is a valid mimetype for the element - $mimetypes = [ 'text/bbcode', + $mimetypes = [ + 'text/bbcode', 'text/html', 'text/markdown', 'text/plain', -- cgit v1.2.3 
From c8a886e3990b705b011e7c2c2306d3179eb824a4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 2 Apr 2017 17:09:51 -0700 Subject: import authors from any unrecognised network as network 'unknown'. --- include/items.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 304a7acfc..a0f366a4a 100755 --- a/include/items.php +++ b/include/items.php @@ -769,6 +769,8 @@ function import_author_xchan($x) { if($arr['xchan_hash']) return $arr['xchan_hash']; + $y = false; + if((! array_key_exists('network', $x)) || ($x['network'] === 'zot')) { $y = import_author_zot($x); } @@ -779,9 +781,7 @@ function import_author_xchan($x) { $y = import_author_rss($x); } - if($x['network'] === 'unknown') { - $y = import_author_unknown($x); - } + $y = import_author_unknown($x); return(($y) ? $y : false); } -- cgit v1.2.3 From 75cd816e02464d3486495bf802cf6f2e16f78041 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 2 Apr 2017 17:12:42 -0700 Subject: logic error --- include/items.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index a0f366a4a..42661e2b1 100755 --- a/include/items.php +++ b/include/items.php @@ -781,9 +781,11 @@ function import_author_xchan($x) { $y = import_author_rss($x); } - $y = import_author_unknown($x); + if(! $y) { + $y = import_author_unknown($x); + } - return(($y) ? $y : false); + return($y); } /** -- cgit v1.2.3 From 405e3fc21459015a63753d4fbd219d5f9920829b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 2 Apr 2017 19:46:20 -0700 Subject: import_author_zot() - check for both hubloc and xchan entries. This should catch and repair entries which were subject to transient storage failures. --- include/zot.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index b3999920f..266060839 100644 
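Review bot: In the "logic error" hunk of import_author_xchan(), the new `if(! $y) { $y = import_author_unknown($x); }` fallback also runs when a recognised handler was tried and failed, not only when the network is unrecognised as the earlier commit message describes. An author presented as zot whose import_author_zot() lookup or probe fails is then handed to import_author_unknown() with the same sender-supplied `$x`. If that function creates an xchan from the supplied name and URL (its body is outside the hunk), a failed verification ends up stored as an 'unknown' identity instead of being rejected. I would restrict the fallback to inputs that were never treated as zot, e.g. `if((! $y) && array_key_exists('network',$x) && $x['network'] !== 'zot') {`. `return($y);` also no longer normalises falsy results to `false`, so callers that test `=== false` should be checked.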
--- a/include/zot.php +++ b/include/zot.php @@ -3578,21 +3578,30 @@ function get_rpost_path($observer) { function import_author_zot($x) { + // Check that we have both a hubloc and xchan record - as occasionally storage calls will fail and + // we may only end up with one; which results in posts with no author name or photo and are a bit + // of a hassle to repair. If either or both are missing, do a full discovery probe. + $hash = make_xchan_hash($x['guid'],$x['guid_sig']); - $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_primary = 1 limit 1", + $r1 = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_primary = 1 limit 1", dbesc($x['guid']), dbesc($x['guid_sig']) ); - if ($r) { - logger('import_author_zot: in cache', LOGGER_DEBUG); + $r2 = q("select xchan_hash from xchan where xchan_guid = '%s' and xchan_guid_sig = '%s' limit 1", + dbesc($x['guid']), + dbesc($x['guid_sig']) + ); + + if($r1 && $r2) { + logger('in cache', LOGGER_DEBUG); return $hash; } - logger('import_author_zot: entry not in cache - probing: ' . print_r($x,true), LOGGER_DEBUG); + logger('not in cache - probing: ' . print_r($x,true), LOGGER_DEBUG); $them = array('hubloc_url' => $x['url'], 'xchan_guid' => $x['guid'], 'xchan_guid_sig' => $x['guid_sig']); - if (zot_refresh($them)) + if(zot_refresh($them)) return $hash; return false; -- cgit v1.2.3 From d35678b89126104d4665b9b4d9ae04e504b5f2d1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 2 Apr 2017 20:03:27 -0700 Subject: change hook for perm_is_allowed while retaining backwards compatibility --- include/permissions.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index d21b45550..f719394c5 100644 --- a/include/permissions.php +++ b/include/permissions.php 
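Review bot: With the stricter `if($r1 && $r2)` test in import_author_zot(), every call where either record is missing goes on to zot_refresh() with `'hubloc_url' => $x['url']`. `$x` is the author structure taken from the incoming item, so the sender chooses the probe target. Nothing in this hunk remembers a failed probe, so an author whose records can never be completed would trigger a new outbound request per item; whether zot_refresh() validates the URL or rate-limits is outside the hunk. Consider checking that `$x['url']` is a well-formed http(s) URL before probing, and recording failed probes so they are not retried immediately. The debug line `print_r($x,true)` also writes the whole remote-supplied structure to the log, where `$hash` and `$x['url']` would be enough.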
@@ -314,11 +314,12 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { 'channel_id' => $uid, 'observer_hash' => $observer_xchan, 'permission' => $permission, - 'result' => false); + 'result' => 'unset'); call_hooks('perm_is_allowed', $arr); - if($arr['result']) - return true; + if($arr['result'] !== 'unset') { + return $arr['result']; + } $global_perms = \Zotlabs\Access\Permissions::Perms(); -- cgit v1.2.3 From a9bda2b12e3d393fa854e23207a081052e2e7bfd Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 2 Apr 2017 22:20:37 -0700 Subject: sql error photos_albums_list with non-logged-in viewer --- include/items.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 42661e2b1..933b9ef81 100755 --- a/include/items.php +++ b/include/items.php @@ -1826,9 +1826,12 @@ logger('revision: ' . $arr['revision']); intval($arr['revision']) ); - if($r && count($r)) { + if($r) { + // This will gives us a fresh copy of what's now in the DB and undo the db escaping, + // which really messes up the notifications + $current_post = $r[0]['id']; - $arr = $r[0]; // This will gives us a fresh copy of what's now in the DB and undo the db escaping, which really messes up the notifications + $arr = $r[0]; logger('item_store: created item ' . $current_post, LOGGER_DEBUG); } else { -- cgit v1.2.3 From 50612565e97bcb20a822f94766fb5e1bd38f7cda Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 3 Apr 2017 16:43:30 -0700 Subject: create site_store_lowlevel() to initialise data structures for the site table --- include/dir_fns.php | 31 +++++++++++-------------------- include/hubloc.php | 27 +++++++++++++++++++++++++++ include/queue_fn.php | 12 ++++++++---- include/zot.php | 32 +++++++++++++++++--------------- 4 files changed, 63 insertions(+), 39 deletions(-) (limited to 'include') diff --git a/include/dir_fns.php b/include/dir_fns.php index 3922730fc..2bd1228ec 100644 --- a/include/dir_fns.php 
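Review bot: perm_is_allowed() now returns the hook result as-is, so any value a plugin writes into `$arr['result']` other than the string 'unset' becomes the permission decision without being reduced to a boolean. A plugin written for the old contract that sets `result` to false, 0 or '' to mean "no opinion" now denies outright and skips the core checks that follow. A non-boolean truthy value is also passed to callers that may compare strictly. I would normalise at the boundary with `return (($arr['result']) ? true : false);`. I would also add a comment above `call_hooks()` stating that a hook must leave `result` untouched to defer to the core permission logic. The function body continues outside the hunk.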
+++ b/include/dir_fns.php @@ -185,26 +185,17 @@ function sync_directories($dirmode) { /** @FIXME What to do if we're in a different realm? */ if ((! $r) && (z_root() != DIRECTORY_FALLBACK_MASTER)) { - $r = array(); - $r[] = array( - 'site_url' => DIRECTORY_FALLBACK_MASTER, - 'site_flags' => DIRECTORY_MODE_PRIMARY, - 'site_update' => NULL_DATE, - 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', - 'site_realm' => DIRECTORY_REALM, - 'site_valid' => 1, - 'site_crypto' => 'aes256cbc' - - ); - $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid, site_crypto ) - values ( '%s', %d, '%s', '%s', '%s', %d, '%s' ) ", - dbesc($r[0]['site_url']), - intval($r[0]['site_flags']), - dbesc($r[0]['site_update']), - dbesc($r[0]['site_directory']), - dbesc($r[0]['site_realm']), - intval($r[0]['site_valid']), - dbesc($r[0]['site_crypto']) + + $x = site_store_lowlevel( + [ + 'site_url' => DIRECTORY_FALLBACK_MASTER, + 'site_flags' => DIRECTORY_MODE_PRIMARY, + 'site_update' => NULL_DATE, + 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', + 'site_realm' => DIRECTORY_REALM, + 'site_valid' => 1, + 'site_crypto' => 'aes256cbc' + ] ); $r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ", diff --git a/include/hubloc.php b/include/hubloc.php index 599252522..0daa5908c 100644 --- a/include/hubloc.php +++ b/include/hubloc.php 
@@ -39,6 +39,33 @@ function hubloc_store_lowlevel($arr) { return create_table_from_array('hubloc', $store); } +function site_store_lowlevel($arr) { + + $store = [ + 'site_url' => ((array_key_exists('site_url',$arr)) ? $arr['site_url'] : ''), + 'site_access' => ((array_key_exists('site_access',$arr)) ? $arr['site_access'] : 0), + 'site_flags' => ((array_key_exists('site_flags',$arr)) ? $arr['site_flags'] : 0), + 'site_update' => ((array_key_exists('site_update',$arr)) ? $arr['site_update'] : NULL_DATE), + 'site_pull' => ((array_key_exists('site_pull',$arr)) ? $arr['site_pull'] : NULL_DATE), + 'site_sync' => ((array_key_exists('site_sync',$arr)) ? $arr['site_sync'] : NULL_DATE), + 'site_directory' => ((array_key_exists('site_directory',$arr)) ? $arr['site_directory'] : ''), + 'site_register' => ((array_key_exists('site_register',$arr)) ? $arr['site_register'] : 0), + 'site_sellpage' => ((array_key_exists('site_sellpage',$arr)) ? $arr['site_sellpage'] : ''), + 'site_location' => ((array_key_exists('site_location',$arr)) ? $arr['site_location'] : ''), + 'site_realm' => ((array_key_exists('site_realm',$arr)) ? $arr['site_realm'] : ''), + 'site_valid' => ((array_key_exists('site_valid',$arr)) ? $arr['site_valid'] : 0), + 'site_dead' => ((array_key_exists('site_dead',$arr)) ? $arr['site_dead'] : 0), + 'site_type' => ((array_key_exists('site_type',$arr)) ? $arr['site_type'] : 0), + 'site_project' => ((array_key_exists('site_project',$arr)) ? $arr['site_project'] : ''), + 'site_version' => ((array_key_exists('site_version',$arr)) ? $arr['site_version'] : ''), + 'site_crypto' => ((array_key_exists('site_crypto',$arr)) ? $arr['site_crypto'] : '') + ]; + + return create_table_from_array('site', $store); +} + + + function prune_hub_reinstalls() { diff --git a/include/queue_fn.php b/include/queue_fn.php index ede6c8f11..c9179b953 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php 
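Review bot: site_store_lowlevel() copies every caller-supplied value into `$store` unchanged and passes it to create_table_from_array(). The call sites converted in this commit (sync_directories, queue_deliver, and import_site in zot.php, which stores fields received from a remote site) drop the per-field `dbesc()` they used to apply. That is only safe if create_table_from_array() escapes string values itself, which is not visible here and should be confirmed before merging. Inside the helper I would at least coerce the numeric columns, e.g. `'site_flags' => ((array_key_exists('site_flags',$arr)) ? intval($arr['site_flags']) : 0),`. I would also add a docblock stating that values must be passed unescaped and naming the function responsible for escaping.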
@@ -146,10 +146,14 @@ function queue_deliver($outq, $immediate = false) { // your site has existed. Since we don't know for sure what these sites are, // call them unknown - q("insert into site (site_url, site_update, site_dead, site_type, site_crypto) values ('%s','%s',0,%d,'') ", - dbesc($base), - dbesc(datetime_convert()), - intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN) + site_store_lowlevel( + [ + 'site_url' => $base, + 'site_update' => datetime_convert(), + 'site_dead' => 0, + 'site_type' => intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN), + 'site_crypto' => '' + ] ); } } diff --git a/include/zot.php b/include/zot.php index 266060839..1a4f6534b 100644 --- a/include/zot.php +++ b/include/zot.php 
@@ -2897,22 +2897,24 @@ function import_site($arr, $pubkey) { else { $update = true; - $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version, site_crypto ) - values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s', '%s' )", - dbesc($site_location), - dbesc($url), - intval($access_policy), - intval($site_directory), - dbesc(datetime_convert()), - dbesc($directory_url), - intval($register_policy), - dbesc($sellpage), - dbesc($site_realm), - intval(SITE_TYPE_ZOT), - dbesc($site_project), - dbesc($site_version), - dbesc($site_crypto) + $r = site_store_lowlevel( + [ + 'site_location' => $site_location, + 'site_url' => $url, + 'site_access' => intval($access_policy), + 'site_flags' => intval($site_directory), + 'site_update' => datetime_convert(), + 'site_directory' => $directory_url, + 'site_register' => intval($register_policy), + 'site_sellpage' => $sellpage, + 'site_realm' => $site_realm, + 'site_type' => intval(SITE_TYPE_ZOT), + 'site_project' => $site_project, + 'site_version' => $site_version, + 'site_crypto' => $site_crypto + ] ); + if(! $r) { logger('import_site: record create failed. ' . print_r($arr,true)); } -- cgit v1.2.3